Skip Navigation
Book a Demo
Book a Demo

Featured Article

Sonatype Named in the 2023 Gartner® Magic Quadrant™ for Application Security Testing

By Tara Flynn Condon on May 23, 2023 AppSec

Sonatype is named to the 2023 Gartner Magic Quadrant for Application Security Testing (AST).

Read More

SHARE:

Sonatype_Blog_Logo_White
READ MORE

Supply Chain Security Inside and Out

3 minute read time

Every organization needs to safeguard their SDLC. Take a look at two key aspects of ensuring external and internal security for your software supply chain.
Read More...
Claw grabber picking up a bad component
READ MORE

Protecting Software Developers from Malware with AI/ML Insights

By Mandeep Singh on April 20, 2023 featured

5 minute read time

Developer-targeted malware is a complex and difficult problem. A look at what tools and information are needed to reduce risk in your development pipeline.
Read More...
READ MORE

Sonatype Repository Firewall is an Easy Solution for a Big Problem

6 minute read time

Discover Sonatype Repository Firewall's AI-driven protection for SDLCs, blocking malicious components and ensuring a more secure software supply chain.
Read More...
READ MORE

PyPI Package 'secretslib' Drops Fileless Linux Malware to Mine Monero

By Ax Sharma on August 11, 2022 vulnerabilities

7 minute read time

Sonatype identified a 'secretslib' PyPI package that covertly installs cryptominers on Linux systems.
Read More...
READ MORE

Python Packages Upload Your AWS Keys, env vars, Secrets to the Web

By Ax Sharma on June 23, 2022 vulnerabilities

5 minute read time

Multiple Python packages caught by Sonatype were seen uploading secrets such as AWS keys and environment variables to a web endpoint.
Read More...
READ MORE

New 'pymafka' Malicious Package Drops Cobalt Strike on macOS, Windows, Linux

By Ax Sharma on May 20, 2022 vulnerabilities

5 minute read time

The 'pymafka' PyPI package is filled with trojans targeting Windows, macOS & Linux users and appears to typosquat the popular PyKafka.
Read More...
8 Malicious Packages Found in npm
READ MORE

Open Source Attacks on the Rise: Top 8 Malicious Packages Found in npm

By Ax Sharma on June 08, 2021 featured

10 minute read time

We're rounding up the top 8 malicious cyber attacks on npm that Sonatype has discovered with its next-gen open source security and malware detection tool.
Read More...
READ MORE

New Language? No Problem. New Ecosystems in Sonatype Lifecycle and Repository Firewall

By Alyssa Shames on May 13, 2020 Product

5 minute read time

New ecosystems added to Sonatype Lifecycle and Repository Firewall: Alpine, Bower, Cargo, CocoaPods, Conda, Conan, Composer, CRAN, Debian, Drupal & rpm.
Read More...
GettyImages-135138016
READ MORE

Sonatype Repository Firewall Now Supports JFrog Artifactory Customers

By Michelle Dufty on February 28, 2019 artifact repository

1 minute read time

Artifactory customers can now protect their perimeter from risky open source with Sonatype Repository Firewall.
Read More...